Signed a package with rpm --resign. Verfied as below: # rpm --checksig hpadu-8.26-1.noarch.rpm hpadu-8.26-1.noarch.rpm: (sha1) dsa sha1 md5 gpg OK Create custom channel in Spacewalk and try to use rhn_package_manager from the Proxy to add package (tried with several different packages): # rhn_package_manager -v --channel="rhel-x86_64-server-custom-5" hpadu-8.26-1.noarch.rpm Red Hat Network username: admin Red Hat Network password: Connecting to https://FQDN/XP Uploading hpadu-8.26-1.noarch.rpm Upload error: ERROR: hpadu-8.26-1.noarch.rpm: unsigned rpm (use --nosig to force) Using --nosig works fine: # rhn_package_manager -v --channel="rhel-x86_64-server-custom-5" hpadu-8.26-1.noarch.rpm --nosig Red Hat Network username: admin Red Hat Network password: Connecting to https://FQDN/XP Uploading hpadu-8.26-1.noarch.rpm Uploading batch: hpadu-8.26-1.noarch.rpm Uploaded: hpadu-8.26-1.noarch.rpm Copying hpadu-8.26-1.noarch.rpm to /var/spool/rhn-proxy/rhn/hpadu/8.26-1/i386/hpadu-8.26-1.i386.rpm Tried to dig into why myself but it's beyond me :/
We did not parse the signature in our code. The header object is created in /usr/share/rhn/common/rhn_rpm.py on line 267: hdr, is_source = rpm.headerFromPackage(file_desc) So it seems that rpm-python did not correctly parse the rpm header. Hmm strange on RHEL4 I get even traceback: # rpm --checksig 4Suite-1.0-3.i386.rpm 4Suite-1.0-3.i386.rpm: (sha1) dsa sha1 md5 gpg OK # rhn_package_manager -v --channel="foo" 4Suite-1.0-3.i386.rpm Red Hat Network username: admin Red Hat Network password: Connecting to http://xen30.englab.brq.redhat.com/XP Uploading 4Suite-1.0-3.i386.rpm Traceback (most recent call last): File "/usr/bin/rhn_package_manager", line 28, in ? rhn_package_manager.main() File "/usr/share/rhn/PackageManager/rhn_package_manager.py", line 125, in main upload.uploadHeaders() File "/usr/share/rhn/PackageManager/uploadLib.py", line 343, in uploadHeaders verbose=self.options.verbose, nosig=self.options.nosig) File "/usr/share/rhn/PackageManager/uploadLib.py", line 469, in _processBatch nosig=nosig) File "/usr/share/rhn/PackageManager/uploadLib.py", line 424, in _processFile h = get_header(None, f.fileno(), source) File "/usr/share/rhn/PackageManager/uploadLib.py", line 619, in get_header h = rhn_rpm.get_package_header(filename=file, fd=fildes) File "/usr/share/rhn/common/rhn_rpm.py", line 274, in get_package_header hdr, offset = rpm.readHeaderFromFD(file_desc) AttributeError: 'module' object has no attribute 'readHeaderFromFD'
Removing bug 496838 blocks bug 497059.
What I tried was: I registered my client to the Proxy. I created a custom channel and I subscribed my client to this channel. I downloaded couple of different packages from different repositories. ==================================================================== on proxy: # rpm --resign <package>.rpm Enter pass phrase: Pass phrase is good. <package>.rpm: gpg: WARNING: standard input reopened gpg: WARNING: standard input reopened # rpm --checksig <package>.rpm <package>.rpm: (sha1) dsa sha1 md5 gpg OK ( I verified the signature owner by comparing the key ID # rpm -v --checksig <package>.rpm and # gpg -K ) # gpg --export -a <key_owner> > RPM-GPG-KEY-ko # scp RPM-GPG-KEY-ko client:/tmp/ # rhn_package_manager -v --channel=<custom_channel> <package>.rpm Red Hat Network username: <username> Red Hat Network password: Connecting to https://<spacewalk_server>/XP Uploading <package>.rpm Uploading batch: <package>.rpm Uploaded: <package>.rpm Copying <package>.rpm to /var/spool/rhn-proxy/rhn/<package_name>/<package_version>/<package_arch>/<package>.rpm ==================================================================== on client: # rpm --import /tmp/RPM-GPG-KEY-ko # yum clean all # yum install -y <package>.rpm ==================================================================== What did you do different?
Nothing different really. The version of Proxy was the 0.6 nightly up-to-date as of the date I added the bugzilla report. I'm afraid I've had to use that host for something else since then so I don't have a Spacewalk Proxy to test right now -- maybe Miroslav might be able to test again?
I tried to reproduce it again without any success. Passing to ON_QA to verify.
Spacewalk 0.6 released